[DFSci] Announcing SIFT Workstation 2.0 Release (100% Free Tool)

Rob Lee rob_t_lee at yahoo.com
Thu Mar 25 22:17:23 PDT 2010


SIFT Workstation 2.0 Download Location
	* http://computer-forensics.sans.org
	* Look under the Community Tab -> Select Downloads

Background
Faculty Fellow Rob Lee created the SANS Investigative Forensic Toolkit (SIFT) Workstation featured in the Computer Forensic Investigations and Incident Response course (FOR 508) in order to show that advanced investigations and investigating hackers can be accomplished using freely available open-source tools.

The SANS SIFT Workstation is a VMware Appliance that is pre-configured with all the necessary tools to perform a detailed digital forensic examination. It is compatible with Expert Witness Format (E01), Advanced Forensic Format (AFF), and raw (dd) evidence formats. The brand new version has been completely rebuilt on an Ubuntu base with many additional tools and capabilities that can match any modern forensic tool suite. Optionally, you can download the SIFT Workstation DVD ISO which will allow you to install this on a stand-alone system.

SIFT Workstation 2.0 Capabilities
Ability to securely examine raw disks, multiple file systems, evidence formats.
Places strict guidelines on how evidence is examined (read-only), verifying that the evidence has not changed.
File system support 
	* Windows (MSDOS, FAT, VFAT, NTFS)
	* MAC (HFS)
	* Solaris (UFS)
	* Linux (EXT2/3)
Evidence Image Support 
	* Expert Witness (E01)
	* RAW (dd)
	* Advanced Forensic Format (AFF)
Software Includes: 
	* The Sleuth Kit (File system Analysis Tools)
	* log2timeline (Timeline Generation Tool)
	* RegRipper (registry mining)
	* ssdeep & md5deep (Hashing Tools)
	* Foremost/Scalpel (File Carving)
	* Wireshark (Network Forensics)
	* Vinetto (thumbs.db examination)
	* Pasco (IE Web History examination)
	* Rifiuti (Recycle Bin examination)
	* Volatility Framework (Memory Analysis)
	* DFLabs PTK (GUI Front-End for Sleuthkit)
	* Autopsy (GUI Front-End for Sleuthkit)
	* PyFLAG (GUI Log/Disk Examination)
	* And over 150 more tools/capabilities 


